<?php
/*
 * File AuthorizationManager.php for project Rijlesplanner.nl
 * Created on 28 nov 2007 at 23:30:33 by Ivar Pruijn
 */

class AuthorizationManager {
	private $user;
	
	/**
	 * void __construct ()
	 * This is the constructor method for the User class.
	 */
	public function __construct() {
   	}

   	public function AuthorizationManager(User $user=NULL) {
		$this->user = $user;
	}
	
   	public function setUser(User $user=NULL) {
		$this->user = $user;
	}

	public function accessTo($module="",$option="",$action="") {
		global $logger;
    	if(!array_key_exists($module,$this->user->getACL())) {
			return false;
    	} else if (!empty($option)) {
   			$options = array();
    		$acl = $this->user->getACL($module);
    		if(isset($acl['options']) && is_array($acl['options'])) {
    			$options = array_values($acl['options']);
    		}
    		//$logger->log("Options for this module: ".print_r($options,true)."",PEAR_LOG_DEBUG);
    		//$logger->log("Option under evaluation: ".$option."...",PEAR_LOG_DEBUG);
	    	if(!in_array($option,$options)) {
				return false;
	    	} else {
    			//$logger->log("Option ".$option." authorized...",PEAR_LOG_DEBUG);
				return true;
	    	}
    	} else if (!empty($action)) {
   			$actions = array();
    		$acl = $this->user->getACL($module);
    		if(isset($acl['actions']) && is_array($acl['actions'])) {
    			$actions = array_values($acl['actions']);
    		}
    		//$logger->log("Actions for this module: ".print_r($actions,true)."",PEAR_LOG_DEBUG);
    		//$logger->log("Action under evaluation: ".$action."...",PEAR_LOG_DEBUG);
	    	if(!in_array($action,$actions)) {
				return false;
	    	} else {
    			//$logger->log("Action ".$action." authorized...",PEAR_LOG_DEBUG);
				return true;
	    	}
    	}
    	return true;
	}

   	public function __toString() {
        return "Authorization Manager";
    }


  function determineReferer($referer) {
	$referer = isset($_POST['referer']) ? $_POST['referer'] : "";
	$referer = (empty($referer) && isset($_SERVER['HTTP_REFERER']) && parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST) == $_SESSION['config']['sitehostname']) ? $_SERVER['HTTP_REFERER'] : $_SERVER['REQUEST_URI'];
	// now check whether the user still has access to this referer (may not be the case after login/logout), and re-determine the referer URL
	$parseurl = parse_url($referer);
	/*
	// without mod_rewrite
	if(isset($parseurl['query'])) {
		parse_str($parseurl['query'],$refcomponents);
		if(count($refcomponents) > 0) {
			$referer = "";
			if(isset($refcomponents['module']) && $auth->accessTo($refcomponents['module'])) {
				$referer .= "/".$refcomponents['module']."/";
				if(isset($refcomponents['option']) && $auth->accessTo($refcomponents['module'],$refcomponents['option'])) {
					$referer .= $refcomponents['option']."/";
					if(isset($refcomponents['action']) && $auth->accessTo($refcomponents['module'],"",$refcomponents['action'])) {
						$referer .= $refcomponents['action']."/";
					}
				}
			}
		}
	} else {
		$referer = $config['siteURL'];
	}
	*/
	// with mod_rewrite
	if(isset($parseurl['path'])) {
		$refcomponents = explode("/", $parseurl['path']);
		if(count($refcomponents) > 0) {
			$referer = "";
			if(isset($refcomponents[1]) && $this->accessTo($refcomponents[1])) {
				$referer .= "/".$refcomponents[1]."/";
				if(isset($refcomponents[2]) && $this->accessTo($refcomponents[1],$refcomponents[2])) {
					$referer .= $refcomponents[2]."/";
					if(isset($refcomponents[3]) && $this->accessTo($refcomponents[1],"",$refcomponents[3])) {
						$referer .= $refcomponents[3]."/";
					}
				}
			}
		}
	} else {
		$referer = $this->config['siteURL'];
	}
	return $referer;
  }
}    
?>
